server:
    verbosity: 4
    use-syslog: no
    interface: 0.0.0.0
    access-control: {{ netmask }} allow
    root-hints: /etc/root.hints
    pidfile: /tmp/unbound.pid
    cache-max-ttl: 60
{% if ede %}
    # For details check https://blog.nlnetlabs.nl/extended-dns-error-support-for-unbound/
    ede: yes
    val-log-level: 2
{% endif %}

{% if use_dnssec %}
    val-sig-skew-min: 3600
    trust-anchor-file: /etc/trusted-key.key
{% endif %}

    use-caps-for-id: {% if case_randomization %} yes {% else %} no {% endif %}

remote-control:
    control-enable: yes
    control-interface: /run/unbound.ctl
